W3C home > Mailing lists > Public > public-webappsec@w3.org > April 2013

Re: Trimming the SecurityPolicy DOM interface

From: Devdatta Akhawe <dev.akhawe@gmail.com>
Date: Sat, 27 Apr 2013 11:57:41 -0700
Message-ID: <CAPfop_0DujiL50FNYTGSuXWx-N6LaU-_1FivcGFt9apAwwxNgw@mail.gmail.com>
To: Alex Russell <slightlyoff@google.com>
Cc: Adam Barth <w3c@adambarth.com>, public-webappsec@w3.org, Mike West <mkwst@google.com>, "www-tag@w3.org List" <www-tag@w3.org>
Hi Alex,

I am not sure I follow what "implement CSP policy enforcement" refers
to. The interfaces, as far as I know, were always read-only for a
script to figure out the policy the browser is currently enforcing.
They never allowed you to modify/upgrade the current policy. Such an
interface would be a great candidate for a possible CSP1.2.

--dev
Received on Saturday, 27 April 2013 18:58:29 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:01 UTC